Azazel
@Andy Ful
Does blocking outbound connections of LOLBins also block legitimate traffic or just useless telemetry?
As it is mentioned in the FirewallHardening Help, the outbound connections are blocked by Windows policies. All outbound connection of the LOLBin is blocked.
What I meant is, is the legitimate traffic from LOLBins important for Windows normal functionality or just something not important?
What is unclear in the: All outbound connection of the LOLBin is blocked?
Yes, I should write:
All outbound connections of the LOLBin are blocked.
The question was not about whether all traffic is blocked, but if some of the traffic is IMPORTANT for Windows functionality.
Do we have any idea why they connect to Microsoft servers and what they do with it? If so, connections to Microsoft's IP addresses could be whitelisted, along with the ports they are using.
Along with firewall hardening I use Simplewall to block all connections, only allowing apps I use like browser and F-Secure, and haven't faced any issue regarding Windows functionality.
I mean whether any problems can happen to Windows functionality from blocking LOLBins' outside connections.
That's why you should check the blocked connections log and have a working backup. No dev can guarantee you a 100% problem-free experience. You can always be one of the 0.5% exceptional cases (number made up).